This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
WordPress hit by massive botnet attack
WordPress and its 64 million blogs are currently under attack by a botnet ‘tens of thousands’ of computers strong.
These sites are most at risk if you’ve kept your WordPress username as ‘admin’, as the botnet is tirelessly trying thousands of possible passwords to get in and mess things up. This bonnet has “supposedly” over 90,000 IP addresses so IP limiting and login throttling won’t help much.
WordPress founder Matt Mullenweg has some revolutionary advice, “Here’s what I would recommend: If you still use admin as a username on your blog, change it, use a strong password.”
Over the past week, analysts from a variety of security and networking firms have tracked an alarming uptick in so-called “brute force” password-guessing attacks against Web sites powered by WordPress, perhaps the most popular content management system in use today.
According to Web site security firm Incapsula, those responsible for this crime campaign are scanning the Internet for WordPress installations, and then attempting to log in to the administrative console at these sites using a custom list of approximately 1,000 of the most commonly-used username and password combinations.
Incapsula co-founder Marc Gaffan told KrebsOnSecurity that infected sites will be seeded with a backdoor the lets the attackers control the site remotely (the backdoors persist regardless of whether the legitimate site owner subsequently changes his password). The infected sites then are conscripted into the attacking server botnet, and forced to launch password-guessing attacks against other sites running WordPress.
HostGator’s Valant urged WordPress administrators to change their passwords to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*). For more on picking strong passwords, see this tutorial. Users can also restrict access to wp-admin so that it is only reachable from specific IP addresses.
WordPress administrators who have been hacked should strongly consider taking the following steps to evict the intruders and infections:
– Log in to the administrative panel and remove any unfamiliar admin users.
– Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time).
– Update the secret keys inside WordPress (otherwise any rogue admin user can remain logged in).
– Reinstall WordPress from scratch or revert to a known, safe backup.
Share this page
Filed under
Tags
Written by
Date
15.04.13
Tony Cook
Tony is co-founder, lead website designer and head of digital at CuCo Creative. Since graduation with a BA(Hons) in Advertising and Graphic Communications, he has developed his website designer and developer skills, with WordPress being his preferred choice of CMS. Tony boasts over 25 years hands-on experience in creative design and over 20 years in digital design. Tony is responsible for the website design team at CuCo and regularly builds great bespoke websites for CuCo's clients. Whilst the digital world has become a real strength, Tony does like to keep his foot in the creative design side of the agency, helping the design team deliver impactful branding solutions and impactful marketing campaigns.
Find me on
LinkedIn . Twitter . Instagram
Other posts by Tony Cook
Back to blog
CuCo Creative Ltd, Unit 3 Stratfield Saye, 20-22 Wellington Road, Bournemouth, Dorset BH8 8JN
© 2008-2023 CuCo Creative Ltd. Cookies & Privacy Policy | Environmental Policy | CuCo Creative are a member of the Design Business Association.